Infrastructure resilience, 2013
Slide 2
Resilience
• Resilience is the ability of assets, networks
and systems to anticipate, absorb, adapt to,
and recover from a disruptive event or series
of events.
• Resilience is about maintaining the continuity
of a service in the presence of disruptive
events
Slide 4
Pandemic disease
• Pandemic disease is the highest impact
risk because it potentially affects the
whole of a national infrastructure as
people become ill
Slide 5
Cyber attacks
• Cyber attacks that compromise
confidentiality are not likely to have a
major impact on the availability of a
national infrastructure
• But cyber attacks that affect the control
systems are more serious
Slide 6
Risk impact
• Risk impact is related to the extent of
the damage to infrastructure assets
Slide 7
Impact depends on locality
• Local incidents, such as a terrorist
attack on physical infrastructure, have
limited impact because they only affect
a small part of that infrastructure
Slide 8
Organisational infrastructure
• Organisations may be more vulnerable
than physical infrastructure
• Incidents that affect the organisational
infrastructure can have more significant
impact
– Organisations are less likely to be distributed
Slide 9
Risk impact
• Because physical infrastructure is
distributed, failures in one part of a
physical network are localised
– A crack is discovered in one bridge but this does
not affect other bridges in the network
Slide 10
Software vulnerability
• However, software control changes this
– If common elements of an infrastructure are
networked and controlled by the same software, a
failure in one element (especially a malicious
attack) can propagate throughout the network
– Large-scale failures and unavailability therefore
become possible
Slide 11
Infrastructure dependencies
• All infrastructure elements now depend on power and communications
• Failure and unavailability of these infrastructures has the most impact
Photo: creative commons/flickr/anemoneprojectors
Slide 13
Infrastructure vulnerabilities
• Old/insecure software control systems
Image: http://commons.wikimedia.org/wiki/File:SCADA_PUMPING_STATION_1.jpg
Slide 14
Infrastructure vulnerabilities
• Lack of monitoring systems
• Lack of coordination across
infrastructure elements
Slide 15
Infrastructure vulnerabilities
• Lack of knowledge of infrastructure
state or dependencies
• Lack of knowledge of infrastructure
demand
Slide 18
Resistance
• Based on previous experience and
assumptions
• Changing world or external
circumstances may mean that
assumptions are invalid
Slide 19
Reliability
• Infrastructure components should be
designed to operate under a range of
(anticipated) conditions not just
‘normal’ operating conditions
Slide 20
Reliability
• Components, as far as possible, should
be designed for ‘soft’, incremental rather
than catastrophic failure
Slide 21
Digital and analog systems
• Digital systems are more brittle than
analog systems
• Analog systems often fail gradually;
computer-based systems often simply
crash
Slide 22
Redundancy
• The network or system as a whole
should be designed so that there
are backup installations and spare
capacity available.
Slide 23
Redundancy
• Examples
– Computing support should be provided by different
providers in different locations
– Diverse generation capacity for electricity
– Multiple locations for command and control
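Added example (not part of the original slides): a small Python model of the failure propagation described on slides 9 to 11 and of the redundancy described on slides 22 and 23. The asset inventory, every asset name, and the rule that an asset fails once any one of its requirement groups has no working member are assumptions made for illustration.

```python
# Constructed sample inventory; all asset names are hypothetical.
# Each asset maps to a list of requirement groups. The asset stays available
# only while every group still has at least one working member, so a group
# with several members models redundancy (alternative providers).
REQUIRES = {
    "power": [], "backup_generator": [], "scada_v1": [],
    "bridge_a": [], "bridge_b": [],
    "comms": [{"power"}],
    "pump_1": [{"power"}, {"comms"}, {"scada_v1"}],
    "pump_2": [{"power"}, {"comms"}, {"scada_v1"}],
    "substation_1": [{"comms"}, {"scada_v1"}],
    "control_room": [{"power"}, {"comms"}],
}

def blast_radius(failed, requires):
    """Assets unavailable after the set `failed` fails (fixed-point iteration)."""
    down = set(failed)
    changed = True
    while changed:
        changed = False
        for asset, groups in requires.items():
            # An asset fails when some requirement group is entirely down.
            if asset not in down and any(group <= down for group in groups):
                down.add(asset)
                changed = True
    return down

def rank_single_failures(requires):
    """Assets sorted by how many assets a single failure of each takes down."""
    sizes = {a: len(blast_radius({a}, requires)) for a in requires}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))

def with_alternative(requires, dependency, alternative):
    """Copy of the inventory where `alternative` can stand in for `dependency`."""
    return {asset: [g | {alternative} if dependency in g else set(g) for g in groups]
            for asset, groups in requires.items()}

if __name__ == "__main__":
    print("single bridge:", sorted(blast_radius({"bridge_a"}, REQUIRES)))
    print("shared control software:", sorted(blast_radius({"scada_v1"}, REQUIRES)))
    print("ranking:", rank_single_failures(REQUIRES)[:3])
    hardened = with_alternative(REQUIRES, "power", "backup_generator")
    print("power loss with backup:", sorted(blast_radius({"power"}, hardened)))
    print("software failure with backup:", sorted(blast_radius({"scada_v1"}, hardened)))
```

In this model the backup generator contains a power failure, but the shared control software still takes down every element that runs it, because spare power adds no diversity to the software dependency.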
Slide 24
Response and recovery
• Respond to disruptive events quickly,
limiting the damage as far as possible
and ensuring public safety
Slide 25
Response and recovery
• Plan how to restore services as quickly
as possible in the event of a loss of
capability
• Business continuity planning
• Disaster recovery
Slide 26
Achieving resilience
• Advance planning to draw up contingency plans to
cover anticipated problems
• (a) good design of the network and systems to
ensure it has the necessary resistance, reliability and
redundancy (spare capacity), and
• (b) by establishing good organisational resilience to
provide the ability, capacity and capability to respond
and recover from disruptive events.
Slide 27
Key points
• Critical infrastructure resilience is the ability of
the infrastructure to continue to deliver
essential services during and after a
hazardous event
• Infrastructure resilience depends on planning
for contingencies and effective infrastructure
design
Slide 28
Key points
• Software control of infrastructure systems
potentially increases vulnerability because the
effects of an event may not be localised
• Resilient infrastructure design is based on 4
R’s – resistance, reliability, redundancy, and
recovery